Cookie consent
Cookie consent platforms collect and store user consent signals for websites: the records that prove GDPR and ePrivacy compliance. For EU buyers, the critical criterion is where consent logs are hosted and whether the vendor itself is EU-owned. Leading EU options on EU Vetted include ConsentManager (Germany, EU-owned, EU-hosted, no CLOUD Act exposure), Didomi (France, EU-owned, EU-hosted, public DPA), and Iubenda (Italy, EU-owned, EU-hosted, public DPA).
About this category
About Cookie consent
Cookie consent platforms, formally Consent Management Platforms (CMPs), are the technical and legal infrastructure that websites use to collect, record, and document user consent for cookies and similar tracking technologies. They present the cookie banner, capture the user's choice at a granular purpose level, maintain timestamped audit logs, and communicate the consent signal to downstream marketing, analytics, and personalisation scripts. Without a functioning CMP, placing any non-essential cookie on an EU visitor's device is a violation of the ePrivacy Directive and a potential GDPR breach.
For EU buyers, the consent log is itself personal data: it records a user's choices, linked to a browsing session, at a specific time. Where that log is stored and who controls the infrastructure matters for the same reasons it does for any other personal-data processor. A US-owned CMP operating on EU servers is still potentially reachable by the CLOUD Act if the parent company is US-incorporated. EU-owned operators such as ConsentManager (Germany, EU-owned, EU-hosted) and Didomi (France, EU-owned, EU-hosted) are not subject to that direct exposure. Cookiebot (Denmark) and Usercentrics (Germany) are both EU-headquartered but carry US funding that affects their ownership signal.
Each listing carries country of incorporation, ownership signal, and factual compliance signals (EU/adequacy hosting, EU ownership, CLOUD Act exposure, public DPA, sub-processor disclosure), sourced from published DPAs and corporate filings rather than paid placement. Procurement rules that require strictly EU-owned processors point to the ownership filter; the scale filter is the other one worth knowing, since it separates single-site tools from enterprise platforms with multi-domain management, banner A/B testing, and jurisdiction-specific consent flows.
-
ConsentManagerEU-SOVEREIGN
German-owned CMP with own EU data centres (not hyperscaler); ISO 27001, IAB TCF v2 ID 31, 100K+ websites, from €23/mo.
DE Public DPA Sub-processors Open source 0 sub-procs €23 /mo -
DidomiEU-BASED
Paris-based enterprise CMP (founded 2017); ISO 27001, Google-certified CMP; clients include Volvo, Michelin, Yahoo.
FR Public DPA Sub-processors Open source 0 sub-procs €19 /mo -
IubendaEU-BASED
Italian privacy-compliance toolkit (Milan, est. 2010); 150K+ customers; subject to direction of Team.blue NV (Belgium).
IE Public DPA Sub-processors Open source 0 sub-procs €2 /mo -
CookiebotEU-HOSTED
Danish cookie consent (Cybot A/S, est. 2012); ISO 27001 + ISO 27701; acquired by Usercentrics 2022 (now Vista Equity-owned).
DK Public DPA Sub-processors Open source 0 sub-procs €11 /mo -
UsercentricsEU-HOSTED
Munich-based CMP (founded 2017); 2.4M sites / 8.8B monthly consents; now Vista Equity Partners-owned alongside Cookiebot.
DE Public DPA Sub-processors Open source 0 sub-procs €10 /mo
| Compare | Sovereignty | Cert. | Pricing | Signals | Open | ||
|---|---|---|---|---|---|---|---|
|
German-owned CMP with own EU data centres (not hyperscaler); ISO 27001, IAB TCF v2 ID 31, 100K+ websites, from €23/mo.
|
DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€23 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Paris-based enterprise CMP (founded 2017); ISO 27001, Google-certified CMP; clients include Volvo, Michelin, Yahoo.
|
PARIS · FR
France
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Paid
€19 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Italian privacy-compliance toolkit (Milan, est. 2010); 150K+ customers; subject to direction of Team.blue NV (Belgium).
|
MILAN · IE
Ireland
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€2 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Danish cookie consent (Cybot A/S, est. 2012); ISO 27001 + ISO 27701; acquired by Usercentrics 2022 (now Vista Equity-owned).
|
COPENHAGEN · DK
Denmark
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
ISO27701
|
Freemium
€11 /mo
|
Public DPA
Sub-processors
Open source
|
→ | |
|
Munich-based CMP (founded 2017); 2.4M sites / 8.8B monthly consents; now Vista Equity Partners-owned alongside Cookiebot.
|
MUNICH · DE
Germany
|
SOVEREIGNTY
A single roll-up of ownership and CLOUD Act exposure.
|
ISO/IEC 27001
|
Freemium
€10 /mo
|
Public DPA
Sub-processors
Open source
|
→ |
Feature comparison
Beyond compliance: how these alternatives compare on the capabilities you actually use day to day.
| Feature | ConsentManager | Didomi | Iubenda | Cookiebot | Usercentrics |
|---|---|---|---|---|---|
| White-label | Yes | Yes | Yes | Yes | Yes |
| IAB TCF v2 | Yes | Yes | Yes | Yes | Yes |
| Google Consent Mode | Yes | Yes | Yes | Yes | Yes |
| Auto cookie scan | Yes | Yes | Yes | Yes | Yes |
| Geo-targeting | Yes | Yes | Yes | Yes | Yes |
| Consent logging | Yes | Yes | Yes | Yes | Yes |
| Multilingual | Yes | Yes | Yes | Yes | Yes |
| Free tier | Yes | No | Yes | Yes | Yes |
Switching from US cookie consent?
Side-by-side European alternatives (same hosting, ownership and CLOUD Act checks) for the US tools most often replaced in this category.